This guide is focused on installing Sphinx-relay on top of raspiblitz. Information about raspiblitz can be found at: https://raspiblitz.com/.
- Be able to connect with your node through SSH.
- Connect to raspiblitz as
admin
:
$ ssh [email protected]
Use password raspiblitz
unless you have already changed it.
sqlite3: $ sudo apt install sqlite3
python2 (if not present): $ sudo apt install python2
note: This port can be whatever number you want. You can edit it in config/app.json in the node_http_port
setting
Open up a console window with SSH. And log in as root
$ sudo su
Open up port 3001 on your machine and make sure it has been added to the list.
# ufw allow 3001 comment 'allow Sphinx-Chat'
# ufw status
> Status: active
>
> To Action From
> -- ------ ----
> 3001 (v6) ALLOW Anywhere (v6) # Sphinx-Chat
login as user bitcoin.
$ sudo su bitcoin
$ cd
Clone the repository from Github and install the package.
$ git clone https://github.com/stakwork/sphinx-relay
$ cd sphinx-relay
$ npm install
Edit the "production" section of config/app.json.
$ cd
$ cd sphinx-relay/config/
$ nano app.json
Change the following 4 lines:
"macaroon_location": "/home/bitcoin/.lnd/data/chain/bitcoin/mainnet/admin.macaroon",
"tls_location": "/mnt/hdd/lnd/tls.cert",
"lnd_log_location": "/home/bitcoin/.lnd/logs/bitcoin/mainnet/lnd.log",
Save and exit:
Ctrl + X
Y
Enter
Edit the "production" section of config/config.json
$ nano config.json
Change the following line to:
"storage": "/home/bitcoin/sphinx.db"
Save and exit:
Ctrl + X
Y
Enter
Edit the public_url
in config/app.json to equal your local IP
note: Sphinx client uses HTTP to communicate with sphinx-relay. Since setting up SSL on a local network is problematic (you don't have any domain names to authenticate with certificates), you have to rely on your local network security. Below is an example of how Sphinx/sphinx-relay communications look like in tcpdump:
{"success":true,"response":{"seen":false,"id":393,"chat_id":1,"uuid":"iJ8xow2hhR4AvLj8SGg3Eu","type":0,"sender":1,"amount":0,"date":"2020-09-15T20:49:36.000Z","message_content":"edNsPx6GmrXlM2jPwphOMaGPblpRxvkrYJcvuK2TEZDCTdFp3dFqKeZaWZS64vd/AlQCK9NQ754PWqwQHON1Ox3MMIb8SiD87WRlYSIWqAKy3PsipGiq99qDr/U5Cky7T+VKbAQyjGl4KtFo0ZWNJmzSykkjeaqj1xtsipHCAlcDIzE5KV1bomUh6z9/P22nxRfxXALCKQ7TANU0yAVqnoocvVrXNaFC77Q7t9G/zxbnf+fGU8gBEt9R/3AncpTvY7xd/bCe0EjTASj13/P9ZzZBb60LM+MEp4vxMpEwLkLCwREVBUYbac+gtznNOCoYb8u15zz9DwP9qZ49/xZwCw==","remote_message_content":"{\"3\":\"EUlLtTGQToo5MsUxsbyLDnC7jzrDX3vZjLxH48r2Fnqnyi1XWZyf9+PA84934KzqOtUXvmqmV8E5QlNtTXh1pYpOWVuO1yX+0by03BQOuoJaoHRWrRTIHZP2xOff8VufcNmb57M4PgXQaH38V+iFWQkQaBaKmagh74jVfg7kH+ZsqdTBYw7CnFSUKXdc6E8JYeEwIRuCMOHdDB9STyUVdVTm8WtEa2pB6Yagkcx4rsWJY/vbEkjYhSRGb8dO2DESB3KtYtO+J7Xs/Z/Djolk3iFcMb59XVKoIqBbxg+KZPK7Vrv06TtSr4OFSgiSnkyxm+r6TDxiNxVaisAXFWB9cg==\"}","status":0,"created_at":"2020-09-15T20:49:36.000Z","updated_at":"2020-09-15T20:49:36.555Z","status_m
Message payloads are encrypted with sphinx cypher, but all metadata is transmitted in cleartext.
note: it is recommended to use SSL encryption for any communications between Sphinx and sphinx-relay outside of a trusted network. Docker deployment guide sets up SSL encryption for you automatically, you only have to obtain your domain and certificates. If you still want to set up sphinx-relay manually, the instructions to set up the SSL are below.
Edit the public_url
in config/app.json to equal your public IP or fully qualified domain name
Make sure that port 3001 forwarding is properly set up.
For extra security:
$ export USE_PASSWORD=true
As noted in the previous section, you might want to protect communications between your Sphinx client and sphinx-relay with SSL.
In order to do that, obtain a domain and an SSL certificate for your sphinx-relay server and set up a reverse proxy with NGINX (or a more lightweight alternative).
We recommend using Let's Encrypt service to obtain a free SSL certificate and acme.sh for setting it up and renewals.
To configure NGINX as an SSL reverse proxy:
$ sudo apt install nginx
sudo nano /etc/nginx/sites-available/YOUR-DOMAIN
Use the following NGINX config:
server {
listen 53001 ssl;
server_name YOUR-DOMAIN;
# Edit the above _YOUR-DOMAIN_ to your domain name
ssl_certificate /etc/letsencrypt/live/YOUR-DOMAIN/fullchain.pem;
# If you use Lets Encrypt, you should just need to change the domain.
# Otherwise, change this to the path to full path to your domains public certificate file.
ssl_certificate_key /etc/letsencrypt/live/YOUR-DOMAIN/privkey.pem;
# If you use Let's Encrypt, you should just need to change the domain.
# Otherwise, change this to the direct path to your domains private key certificate file.
ssl_session_cache builtin:1000 shared:SSL:10m;
# Defining option to share SSL Connection with Passed Proxy
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Defining used protocol versions.
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
# Defining ciphers to use.
ssl_prefer_server_ciphers on;
# Enabling ciphers
access_log /var/log/nginx/access.log;
# Log Location. the Nginx User must have R/W permissions. Usually by ownership.
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:3001;
proxy_read_timeout 90;
}
} # Don't leave this out! It "closes" the server block we started this file with.
Save and exit:
Ctrl + X
Y
Enter
To make the file active, we will need to link the file in the sites-available folder to a location within the sites-enabled folder. Again, change YOUR-DOMAIN here with the actual name of the file you created earlier.
ln -s /etc/nginx/sites-avaialable/YOUR-DOMAIN /etc/nginx/sites-enabled/YOUR-DOMAIN.conf
To test your NGINX configuration:
$ nginx -t
To start your new NGINX SSL proxy:
$ sudo systemctl restart nginx
We need LND to run with keysend activated. First, we check if it is already enabled on your node.
Go to raspiblitz menu, or:
$ raspiblitz
Find menu "Services" item and activate Keysend.
Now it's time to run the software.
$ cd
$ cd sphinx-relay/config/
$ npm run prod
When Relay starts up, it will print a QR in the terminal. You can scan this in your app (Android or iOS) to connect!
Before you start this part, make sure your app is connected and that you are able to send & receive messages.
Login as admin.
$ sudo su admin
Create a file named sphinx-relay.service
$ sudo nano /etc/systemd/system/sphinx-relay.service
Copy and paste the following text to add it to the file:
[Unit]
Description=Sphinx Relay Service
After=network.target
[Service]
Type=simple
User=bitcoin
WorkingDirectory=/home/bitcoin/sphinx-relay/config/
ExecStart=npm run prod
Restart=always
RestartSec=5
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=sphinx-relay
[Install]
WantedBy=multi-user.target
Save and exit:
Ctrl + X
Y
Enter
Let's run!
$ sudo systemctl enable sphinx-relay
$ sudo systemctl start sphinx-relay
Check if Relay successfully started.
$ sudo systemctl status sphinx-relay
$ sudo systemctl stop sphinx-relay
You can pull directly from git to update your relay. If you have only changed your config files, the following should work:
systemctl stop sphinx-relay
- cd into your sphinx-relay directory (
cd sphinx-relay
) git stash && git checkout master && git pull && git stash pop
- [OPTIONAL, ONLY IF A NEW NPM DEPENDENCY HAS BEEN ADDED]:
npm i
systemctl start sphinx-relay
This probably is not the most efficient way to update. But it works, so we got that going, which is nice. Feel free to optimize the process and contribute. :)
Login as admin
and stop the program.
$ sudo systemctl stop sphinx-relay.service
login as user bitcoin
.
$ sudo su bitcoin
$ cd
$ rm -rf sphinx-relay
Clone the repository from Github and install the package.
$ git clone https://github.com/stakwork/sphinx-relay
$ cd sphinx-relay
$ npm install
Edit the "production" section of config/app.json.
$ cd
$ cd sphinx-relay/config/
$ nano app.json
Change the following 4 lines:
"macaroon_location": "/home/bitcoin/.lnd/data/chain/bitcoin/mainnet/admin.macaroon",
"tls_location": "/mnt/hdd/lnd/tls.cert",
"lnd_log_location": "/home/bitcoin/.lnd/logs/bitcoin/mainnet/lnd.log",
"lncli_location": "/home/bitcoin/go/bin",
Also edit the public_url
in config/app.json to equal your public IP or fully qualified domain name
Save and exit:
Ctrl + X
Y
Enter
Edit the "production" section of config/config.json
$ nano config.json
Change to following line to:
"storage": "/home/bitcoin/sphinx.db"
Save and exit:
Ctrl + X
Y
Enter
Login as admin.
$ su admin
Or
$ exit
Turn the service on and check the status.
$ sudo systemctl enable sphinx-relay
$ sudo systemctl start sphinx-relay
journalctl -u sphinx-relay -f